JSI Tip 7549. How do I list accounts in my domain whose password is set to never expire?
December 9, 2003
Using DSQUERY and DSGET, I have scripted PwdNeverExpires.bat to display the Distinguished Name (DN) of all domain user accounts whose password is set to never expire. The PwdNeverExpires.bat script does NOT report accounts that are disabled.
The syntax for using PwdNeverExpires.bat is:
PwdNeverExpires
The output is displayed on the CMD console, but you can redirect it to a file using the following syntax:
PwdNeverExpires>FileName
You can use the output in subsequent commands, as in:
for /f "Tokens=*" %%i in ('PwdNeverExpires') do SomeCommand %%i
NOTE: See How do I list accounts in my domain that have NOT changed their password in nnn days?
NOTE: See How can I report all inactive user accounts, and optionally disable them?
PwdNeverExpires.bat contains:
@echo off
setlocal
rem Remove work files left over from a previous run.
if exist "%TEMP%\PwdNeverExpires.tm1" del /q "%TEMP%\PwdNeverExpires.tm1"
if exist "%TEMP%\PwdNeverExpires.tm2" del /q "%TEMP%\PwdNeverExpires.tm2"
rem Enumerate every user in the domain and check each one.
set getit=dsquery user domainroot -name * -limit 0
for /f "Tokens=*" %%u in ('%getit%') do set UDN=%%u&call :pwdne
if not exist "%TEMP%\PwdNeverExpires.tm1" endlocal&goto :EOF
rem Sort the matching DNs, display them, and clean up.
sort "%TEMP%\PwdNeverExpires.tm1" /O "%TEMP%\PwdNeverExpires.tm2"
type "%TEMP%\PwdNeverExpires.tm2"
del /q "%TEMP%\PwdNeverExpires.tm1"
del /q "%TEMP%\PwdNeverExpires.tm2"
endlocal
goto :EOF
:pwdne
rem Skip the header line and the trailing "dsget succeeded" line.
for /f "Skip=1 Tokens=1-2" %%i in ('dsget user %UDN% -pwdneverexpires -disabled') do (
 if /i "%%i" NEQ "dsget" call :report %%i %%j
)
goto :EOF
:report
rem %1 is the pwdneverexpires value, %2 is the disabled value.
if /i "%1" NEQ "yes" goto :EOF
if /i "%2" EQU "yes" goto :EOF
@echo %UDN%>>"%TEMP%\PwdNeverExpires.tm1"
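The tip notes that the output can feed subsequent commands. The batch file below is an added example, not part of the original tip: it compares the reported DNs against an approved list and prints the logon name and description of every account that is not on it. It assumes PwdNeverExpires.bat is on the PATH and that Approved.txt (a hypothetical file name) holds one approved DN per line, copied exactly as PwdNeverExpires prints it, quotes included.

```bat
@echo off
rem Added example: review never-expiring accounts against an approved list.
rem Approved.txt and the PwdNE_*.tmp work files are hypothetical names.
setlocal
set found="%TEMP%\PwdNE_found.tmp"
set review="%TEMP%\PwdNE_review.tmp"
set approved=Approved.txt
rem Capture the DNs reported by the script from this tip.
call PwdNeverExpires>%found%
rem Keep only the DNs that do NOT appear in the approved list.
rem /v = non-matching lines, /x = whole-line match, /l = literal, /i = ignore case.
if exist "%approved%" (
 findstr /v /i /x /l /g:"%approved%" %found%>%review%
) else (
 copy /y %found% %review%>nul
)
rem Show the logon name and description of each unapproved account.
for /f "usebackq Tokens=*" %%i in (%review%) do (
 echo %%i
 dsget user %%i -samid -desc
)
rem Once an account has been reviewed, the flag can be cleared with:
rem dsmod user <DN> -pwdneverexpires no
del /q %found%
del /q %review%
endlocal
```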